Vlan ACL issue s5600

Hi

I have two H3C S5600-50C layer 3 switches running different VLANs.

My inter-VLAN communication works 100% after assigning VLAN interfaces on the switches. The problem I am facing is as follows. I want to permit communication between some VLANs and deny communication between some VLANs, but when I execute the deny statement all the traffic is blocked.

How must the command look, must it be applied globally, per VLAN or per port? What must the match order be? The S5600 supports inbound packet filtering.

I have read all the manuals available from 3Com but the info is a bit scarce, or I do not understand it 100% correctly.

Re: Vlan ACL issue s5600

Hi Muhammed.

By default, any ACL has an implicit "deny" at the end of the rule. So, try to set up your rules including the permit rules first; this will permit only the networks you want and block all the additional traffic. If you need to block a specific network or host, include it in a deny rule after the permit rules just to ensure that host or network will not pass anyway.

In 3Com/H3C switches you have to apply the ACL per port. You can apply the ACL per VLAN also, but it will apply to the entire switch, even on the trunk ports, so the better option is to apply the ACL per port, in order to achieve more flexibility.
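The two points the thread turns on, the implicit deny at the end of the ACL and the match order, can be checked offline before touching the switch. The model below is an added example; it is not code from this thread or from any 3Com/H3C documentation. The rule text it parses is an approximation of the Comware ACL syntax (an assumption; check the S5600 manual for the exact form), and the two evaluation modes it names, `config` (rules tried in the order entered) and `auto` (most specific rule tried first), are likewise an assumed simplification of the switch's match-order setting. The sample rules and packets are constructed for the example. What it shows is the thing to verify on a real ACL: a deny for a single host placed after a permit for that host's whole subnet is shadowed under config order and only takes effect under depth-first order, while traffic matching no rule is dropped by the implicit deny in both modes.

```python
"""Model of first-match ACL evaluation with an implicit trailing deny.

Added example (not from the forum thread or from 3Com/H3C documentation).
Rule syntax is an assumed approximation of Comware 'rule' lines; the
match-order names 'config' and 'auto' are an assumed simplification.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass
class Rule:
    number: int
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ipaddress.IPv4Address(src_ip) in self.src
                and ipaddress.IPv4Address(dst_ip) in self.dst)


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """'address wildcard' -> network. A 0 bit in the wildcard must match and a
    1 bit is don't-care, so the netmask is the inverse of the wildcard. Only
    contiguous wildcards (ordinary subnets and single hosts) are handled."""
    mask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(mask))), strict=False)


def parse_rule(line: str) -> Rule:
    """Parse one constructed rule line of the form
    rule <n> <permit|deny> ip source <addr> <wildcard>|any [destination <addr> <wildcard>|any]"""
    tok = line.split()
    if tok[0] != "rule" or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError(f"unsupported rule line: {line}")
    number, action = int(tok[1]), tok[2]
    src = dst = ANY
    i = 4
    while i < len(tok):
        kw = tok[i]
        if tok[i + 1] == "any":
            net, i = ANY, i + 2
        else:
            net, i = wildcard_to_network(tok[i + 1], tok[i + 2]), i + 3
        if kw == "source":
            src = net
        elif kw == "destination":
            dst = net
        else:
            raise ValueError(f"unexpected keyword {kw!r} in: {line}")
    return Rule(number, action, src, dst)


# Constructed sample ACL: permit VLAN 10 -> VLAN 20 and VLAN 10 -> VLAN 30,
# then (as the reply suggests) an explicit deny for one host and one subnet.
ACL_TEXT = """
rule 0 permit ip source 10.1.10.0 0.0.0.255 destination 10.1.20.0 0.0.0.255
rule 1 permit ip source 10.1.10.0 0.0.0.255 destination 10.1.30.0 0.0.0.255
rule 2 deny ip source 10.1.10.50 0.0.0.0 destination 10.1.20.0 0.0.0.255
rule 3 deny ip source any destination 10.1.40.0 0.0.0.255
"""
ACL_RULES: List[Rule] = [parse_rule(l) for l in ACL_TEXT.strip().splitlines()]


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str,
             match_order: str = "config") -> Tuple[str, Optional[int]]:
    """Return (action, matching rule number). 'config' tries rules in the order
    they were entered; 'auto' tries the most specific rule (longest source and
    destination prefixes) first. No match falls through to the implicit deny,
    reported with rule number None."""
    if match_order == "auto":
        ordered = sorted(rules, key=lambda r: r.src.prefixlen + r.dst.prefixlen, reverse=True)
    else:
        ordered = list(rules)
    for r in ordered:
        if r.matches(src_ip, dst_ip):
            return r.action, r.number
    return "deny", None


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(rule, earlier rule) pairs where the earlier rule covers the whole
    source and destination space of the later one, so under config order the
    later rule can never match."""
    out = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if r.src.subnet_of(earlier.src) and r.dst.subnet_of(earlier.dst):
                out.append((r.number, earlier.number))
                break
    return out


if __name__ == "__main__":
    for order in ("config", "auto"):
        print(order, "10.1.10.50 -> 10.1.20.5:", evaluate(ACL_RULES, "10.1.10.50", "10.1.20.5", order))
    print("implicit deny:", evaluate(ACL_RULES, "10.1.20.1", "10.1.10.1"))
    print("shadowed (rule, by rule):", shadowed_rules(ACL_RULES))
```

Running it shows the host deny in rule 2 reported as shadowed by rule 0 under config order, and the same packet denied only under the depth-first order. The practical check before applying an ACL to a port is therefore to confirm which match order the switch is using and, under config order, to put the narrower deny rules before the broader permit rules rather than after them.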